Facebook has revealed an update to its app investigation and audit that CEO Mark Zuckerberg had announced on March 21. The investigation is in response to the Cambridge Analytica situation.

“We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you. I’ve been working to understand exactly what happened and how to make sure this doesn’t happen again. The good news is that the most important actions to prevent this from happening again today we have already taken years ago. But we also made mistakes, there’s more to do, and we need to step up and do it,” Zuckerberg wrote in a post at the time.

The original statement made by Zuckerberg revealed a three step approach to the investigation. First, he wanted to investigate all apps that had previously had access to large amounts of information before changes to Facebook in 2014 significantly reduced data access. Developers that did not agree to a thorough audit would be banned, developers that were found to have abused personal information would be banned, and users affected by the misuse would be notified.

He also wanted to restrict developer access even more in order to prevent further abuse. Zuckerberg stated that Facebook would remove a developers’ access to user data if a user had not used that app in three months. In addition it would reduce the amount of data given to an app when users sign in to only their name, profile photo, and email address. Developers would have to get approval and sign a contract in order to even ask to obtain users’ posts or additional data.

The third point was to make sure users understand which apps are allowed to access their data. Zuckerberg revealed that Facebook would be launching a tool at the top of the News Feed showing what apps a user has used and offer a simple way to revoke access to data. This functionality was already present in Facebook’s privacy settings, but will be moved to ensure greater visibility.

According to Facebook, the investigation is already taking place, and is split into two phases. The first is a review to identify apps that had access to data, and the second is to conduct interviews, make requests for information, and perform audits on apps where there is a concern.

Thousands of apps have already been investigated by internal and external experts. According to the company, around 200 apps have been suspended and are pending a thorough investigation into whether they actually did misuse data.

If Facebook finds evidence that those apps did misuse data, it will ban the app and notify people via a website, like they did with Cambridge Analytica, that will inform users if they or their friends installed an app that misused data before 2015.

“There is a lot more work to be done to find all the apps that may have misused people’s Facebook data – and it will take time. We are investing heavily to make sure this investigation is as thorough and timely as possible. We will keep you updated on our progress,” Ime Archibong, vp of product partnerships for Facebook, wrote in a post.